In January 2016, the United States Secretary of Transportation announced that the USDOT was proceeding with the federal motor vehicle safety standard (FMVSS) 150, based on a vehicle-to-vehicle (V2V) communications technology called Dedicated Short-Range Communications (DSRC). DSRC operates over a 75 MHz frequency band centered at 5.9 GHz, which had previously been allocated by the FCC to support a broad range of intelligent transportation systems (ITS) applications. During the period 2002-2009, the IEEE developed the 1609 suite of protocol specifications governing the use of the band, which is divided into 7 channels, each 10 MHz wide. Four of the channels support an IPv6 (Internet Protocol Version 6) interface, which means that UDP/IPv6 or TCP/IPv6-based application software can operate over these channels.
The protocol specifications contained in the IEEE 1609 suite, commonly known as Wireless Access Vehicle Environment (WAVE) and incorporated herein by reference, incorporate security provisions to ensure authentication of WAVE-enabled on-board equipment (OBE) attempting to communicate with roadside equipment (RSE). The terms OBE and RSE are commonly used interchangeably with OBU (On-board Unit) and RSU (Roadside Unit). An OBU typically includes, but is not limited to, a mobile computing device enabled for DSRC communications, meeting the requirements for V2V specified in SAE J2945/1 and SAE J2945/2, or the requirements for V2P, to be specified in future variants of SAE J2945. An RSU typically includes, but is not limited to, a stationary or quasi-stationary computing device enabled for DSRC communications, compliant with the IEEE 802.11p specification for the DSRC MAC and PHY layers and with the WAVE protocol stack, and capable of broadcasting WAVE Service Advertisements (WSAs) on the DSRC Control Channel (CCH). OBU devices without valid security credentials can be effectively denied the WSAs of the RSU, which is typically accomplished by simply discarding transmissions sent by the OBU. WSAs are periodic messages defined by the IEEE 1609 protocol suite that identify services available on the network.
These aforementioned security provisions present in the IEEE 1609 protocol are aimed at controlling access to services resident in the RSU or accessible to the RSU through dedicated application software in the RSU; i.e. services of which the RSU is “aware” and for which the RSU has the policy responsibility to control access. Examples of such services include, but are not limited to, traveler information, in-vehicle signage, navigation, traffic management, weather information, safety, electronic payment, network services, configuration management, and the like.
In the case of IPv6 communications, the role of the RSU is to route IPv6 datagrams towards their destination address. The WAVE architecture provides for authentication of an OBU based on a digital signature in the header of WAVE Short Message Protocol (WSMP) messages originating from the OBU. The digital signature is generated by the OBU using an asymmetric cryptographic technique, and the transmitted message also includes the certificate containing the public key so that the receiving RSU can verify the signature. A DSRC infrastructure authority (“infrastructure authority”) may propagate the Certificate Revocation List to the RSUs, which identifies OBU devices for which the security credentials are no longer valid. This can be used by the RSU as a criterion for discarding OBU messages sent using WSMP.
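The RSU-side accept-or-discard decision described above, as an added example that is not part of the original document or of the IEEE 1609 specifications: a simplified Node.js model in which the OBU attaches its certificate to a signed message and the RSU checks the authority's signature on the certificate, the revocation list, and the message signature. The data structures, function names, the use of ECDSA P-256 with SHA-256, and the hash-based certificate identifier are assumptions for illustration, not the WAVE wire format.

```javascript
const nodeCrypto = require('node:crypto');

// Simplified model, not the IEEE 1609 encoding; all names below are hypothetical.
const newKey = () => nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const sign = (priv, data) => nodeCrypto.sign('sha256', data, priv);
const verify = (pub, data, sig) => nodeCrypto.verify('sha256', data, pub, sig);
const certId = (cert) => nodeCrypto.createHash('sha256').update(cert.pubDer).digest('hex').slice(0, 16);

// Authority side: the certificate binds the OBU public key to the authority's signature.
function issueCert(caPriv, obuPub) {
  const pubDer = obuPub.export({ type: 'spki', format: 'der' });
  return { pubDer, caSig: sign(caPriv, pubDer) };
}

// OBU side: payload, signature and certificate travel together.
function obuSend(obuPriv, cert, payload) {
  return { payload, sig: sign(obuPriv, payload), cert };
}

// RSU side: returns null to accept, or the reason the message is discarded.
function rsuCheck(caPub, crl, msg) {
  if (!verify(caPub, msg.cert.pubDer, msg.cert.caSig)) return 'certificate not issued by authority';
  if (crl.has(certId(msg.cert))) return 'certificate revoked';
  let obuPub;
  try {
    obuPub = nodeCrypto.createPublicKey({ key: msg.cert.pubDer, format: 'der', type: 'spki' });
  } catch (e) {
    return 'malformed certificate key';
  }
  if (!verify(obuPub, msg.payload, msg.sig)) return 'bad message signature';
  return null;
}

// Constructed scenario: one authority, one OBU, one issuer the RSU does not trust.
function demo() {
  const ca = newKey(), obu = newKey(), rogueCa = newKey();
  const cert = issueCert(ca.privateKey, obu.publicKey);
  const msg = obuSend(obu.privateKey, cert, Buffer.from('constructed WSMP payload'));
  const rogueCert = issueCert(rogueCa.privateKey, obu.publicKey);
  return {
    valid: rsuCheck(ca.publicKey, new Set(), msg),
    tampered: rsuCheck(ca.publicKey, new Set(), { ...msg, payload: Buffer.from('altered') }),
    revoked: rsuCheck(ca.publicKey, new Set([certId(cert)]), msg),
    rogue: rsuCheck(ca.publicKey, new Set(), obuSend(obu.privateKey, rogueCert, msg.payload)),
  };
}
console.log(demo());
```

The certificate travels with the message, so the RSU needs only the authority's public key and the current revocation list to reach a decision; the message signature alone proves nothing until the certificate itself has been checked against both.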
U.S. patent application Ser. No. 14/151,035, incorporated herein by reference, discloses a system which enables a user-interface device, such as a smartphone or tablet, to establish connectivity to the Internet by using the mechanism defined in RFC 4861 for Router Discovery. This mechanism allows a user device to attach itself to an OBU using Stateless Address Auto-configuration (SLAAC), for example through a Wi-Fi Peer-to-Peer (Wi-Fi Direct) interface. The OBU acts as an IPv6 router for the user device to connect with the Internet through any RSU which advertises the availability of one or more WAVE Service Channels for this purpose. The system also provides the foundation of the methods for authentication of the user device.